Case Study: GitLab achieves default DevSecOps container security with Aqua Trivy

GitLab Uses Aqua Trivy to Provide Customers with Default DevSecOps Container Security

The customer, GitLab, a DevOps platform provider, faced the challenge of finding a vulnerability scanning tool that was easy to integrate into both CI pipelines and production environments. They needed a solution that offered accurate results, frequent updates, and support for offline, air-gapped systems to provide the best value to their users without overburdening their own engineering teams.

The vendor, Aqua Security, provided their open-source solution, Aqua Trivy, which was selected for its fast and accurate vulnerability data, simplified deployment, and critical offline support. This integration allowed GitLab to make Trivy the default scanner for its Gold and Ultimate tier customers, enhancing their built-in security. Furthermore, Trivy's compatibility with Aqua Starboard provides a path for GitLab to offer future production scanning capabilities, moving towards an end-to-end, secure DevOps workflow.

GitLab

Samuel White

Principal Product Manager